Техническая информация
- Изменение значения Shell в ключе Winlogon (механизм автозапуска при входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\IilNkXwB7h8NQU7I\N4kTm8YXBzvC.exe",explorer.exe'
- %APPDATA%\IilNkXwB7h8NQU7I\N4kTm8YXBzvC.exe
- %TEMP%\7xG6zJVfolO57S0x.exe
- %TEMP%\Jen7V5102nUuQvGO
- %HOMEPATH%\desktop\Minecraft.jar
- %HOMEPATH%\desktop\BeniOku.txt
- %APPDATA%\IilNkXwB7h8NQU7I\N4kTm8YXBzvC.exe
- Узел и порт: 'un#####ns.duckdns.org':456
- DNS-запрос (DNS ASK): un#####ns.duckdns.org
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\7xG6zJVfolO57S0x.exe'
- '<Полный путь к файлу>'
- '<SYSTEM32>\notepad.exe' %HOMEPATH%\desktop\BeniOku.txt
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shell32.dll,OpenAs_RunDLL %HOMEPATH%\desktop\Minecraft.jar